Fedora 36: 2023-a4baceec07 medium: manifest-tool security advisory

This tool was mainly created for the purpose of viewing, creating, and

pushing the new manifests list object type in the Docker registry. Manifest

lists are defined in the v2.2 image specification and exist mainly for the

purpose of supporting multi-architecture and/or multi-platform images within

a Docker registry.

Update to latest upstream release

* Fri Mar 3 2023 Josh Boyer - 2.0.8-1

- Update to latest upstream release

- Fixes RhBug 2174535 CVE-2023-25173

[ 1 ] Bug #2106664 - manifest-tool-2.0.8 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2106664

[ 2 ] Bug #2163549 - CVE-2022-3064 manifest-tool: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2163549

[ 3 ] Bug #2174535 - manifest-tool: containerd: Supplementary groups are not set up properly [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2174535

su -c 'dnf upgrade --advisory FEDORA-2023-a4baceec07' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: