SUSE Security Update: Security update for skopeo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0712-1
Rating:             moderate
References:         #1159530 #1165715 
Cross-References:   CVE-2019-10214
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for skopeo fixes the following issues:

   Update to skopeo v0.1.41 (bsc#1165715):

   - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
   - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
   - Bump github.com/containers/common from 0.0.7 to 0.1.4
   - Remove the reference to openshift/api
   - vendor github.com/containers/image/v5@v5.2.0
   - Manually update buildah to v1.13.1
   - add specific authfile options to copy (and sync) command.
   - Bump github.com/containers/buildah from 1.11.6 to 1.12.0
   - Add context to --encryption-key / --decryption-key processing failures
   - Bump github.com/containers/storage from 1.15.2 to 1.15.3
   - Bump github.com/containers/buildah from 1.11.5 to 1.11.6
   - remove direct reference on c/image/storage
   - Makefile: set GOBIN
   - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
   - Bump github.com/containers/storage from 1.15.1 to 1.15.2
   - Introduce the sync command
   - openshift cluster: remove .docker directory on teardown
   - Bump github.com/containers/storage from 1.14.0 to 1.15.1
   - document installation via apk on alpine
   - Fix typos in doc for image encryption
   - Image encryption/decryption support in skopeo
   - make vendor-in-container
   - Bump github.com/containers/buildah from 1.11.4 to 1.11.5
   - Travis: use go v1.13
   - Use a Windows Nano Server image instead of Server Core for multi-arch
     testing
   - Increase test timeout to 15 minutes
   - Run the test-system container without --net=host
   - Mount /run/systemd/journal/socket into test-system containers   - Don't unnecessarily filter out vendor from (go list ./...)
     output
   - Use -mod=vendor in (go {list,test,vet})
   - Bump github.com/containers/buildah from 1.8.4 to 1.11.4
   - Bump github.com/urfave/cli from 1.20.0 to 1.22.1
   - skopeo: drop support for ostree
   - Don't critically fail on a 403 when listing tags
   - Revert "Temporarily work around auth.json location confusion"
   - Remove references to atomic
   - Remove references to storage.conf
   - Dockerfile: use golang-github-cpuguy83-go-md2man
   - bump version to v0.1.41-dev
   - systemtest: inspect container image different from current platform arch

   Changes in v0.1.40:

   - vendor containers/image v5.0.0
   - copy: add a --all/-a flag
   - System tests: various fixes
   - Temporarily work around auth.json location confusion
   - systemtest: copy: docker->storage->oci-archive
   - systemtest/010-inspect.bats: require only PATH
   - systemtest: add simple env test in inspect.bats
   - bash completion: add comments to keep scattered options in sync
   - bash completion: use read -r instead of disabling SC2207
   - bash completion: support --opt arg completion
   - bash-completion: use replacement instead of sed
   - bash completion: disable shellcheck SC2207
   - bash completion: double-quote to avoid re-splitting
   - bash completions: use bash replacement instead of sed
   - bash completion: remove unused variable
   - bash-completions: split decl and assignment to avoid masking retvals
   - bash completion: double-quote fixes
   - bash completion: hard-set PROG=skopeo
   - bash completion: remove unused variable
   - bash completion: use `||` instead of `-o`
   - bash completion: rm eval on assigned variable
   - copy: add --dest-compress-format and --dest-compress-level
   - flag: add optionalIntValue
   - Makefile: use go proxy
   - inspect --raw: skip the NewImage() step
   - update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
   - inspect.go: inspect env variables
   - ostree: use both image and & storage buildtags


   Update to skopeo v0.1.39 (bsc#1159530):

   - inspect: add a --config flag
   - Add --no-creds flag to skopeo inspect
   - Add --quiet option to skopeo copy
   - New progress bars   - Parallel Pulls and Pushes for major speed improvements
   - containers/image moved to a new progress-bar library to fix various
     issues related to overlapping bars and redundant entries.
   - enforce blocking of registries
   - Allow storage-multiple-manifests
   - When copying images and the output is not a tty (e.g., when piping to a
     file) print single lines instead of using progress bars. This avoids
     long and hard to parse output
   - man pages: add --dest-oci-accept-uncompressed-layers   - completions:
     - Introduce transports completions
     - Fix bash completions when a option requires a argument
     - Use only spaces in indent
      - Fix completions with a global option
     - add --dest-oci-accept-uncompressed-layers

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-712=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      skopeo-0.1.41-4.11.1
      skopeo-debuginfo-0.1.41-4.11.1


References:

   https://www.suse.com/security/cve/CVE-2019-10214.html
   https://bugzilla.suse.com/1159530
   https://bugzilla.suse.com/1165715

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:0712-1 moderate: skopeo

March 18, 2020
An update that solves one vulnerability and has one errata is now available

Summary

This update for skopeo fixes the following issues: Update to skopeo v0.1.41 (bsc#1165715): - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 - Bump github.com/containers/common from 0.0.7 to 0.1.4 - Remove the reference to openshift/api - vendor github.com/containers/image/v5@v5.2.0 - Manually update buildah to v1.13.1 - add specific authfile options to copy (and sync) command. - Bump github.com/containers/buildah from 1.11.6 to 1.12.0 - Add context to --encryption-key / --decryption-key processing failures - Bump github.com/containers/storage from 1.15.2 to 1.15.3 - Bump github.com/containers/buildah from 1.11.5 to 1.11.6 - remove direct reference on c/image/storage - Makefile: set GOBIN - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7 - Bump github.com/containers/storage from 1.15.1 to 1.15.2 - Introduce the sync command - openshift cluster: remove .docker directory on teard...

Read the Full Advisory

References

#1159530 #1165715

Cross- CVE-2019-10214

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP1

https://www.suse.com/security/cve/CVE-2019-10214.html

https://bugzilla.suse.com/1159530

https://bugzilla.suse.com/1165715

Severity
Announcement ID: SUSE-SU-2020:0712-1
Rating: moderate

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved