openSUSE: 2020:0377-1: moderate: skopeo

    Date25 Mar 2020
    145
    Posted ByLinuxSecurity Advisories
    An update that solves one vulnerability and has one errata is now available.
       openSUSE Security Update: Security update for skopeo
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0377-1
    Rating:             moderate
    References:         #1159530 #1165715 
    Cross-References:   CVE-2019-10214
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has one errata
       is now available.
    
    Description:
    
       This update for skopeo fixes the following issues:
    
       Update to skopeo v0.1.41 (bsc#1165715):
    
       - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
       - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
       - Bump github.com/containers/common from 0.0.7 to 0.1.4
       - Remove the reference to openshift/api
       - vendor github.com/containers/image/v5@v5.2.0
       - Manually update buildah to v1.13.1
       - add specific authfile options to copy (and sync) command.
       - Bump github.com/containers/buildah from 1.11.6 to 1.12.0
       - Add context to --encryption-key / --decryption-key processing failures
       - Bump github.com/containers/storage from 1.15.2 to 1.15.3
       - Bump github.com/containers/buildah from 1.11.5 to 1.11.6
       - remove direct reference on c/image/storage
       - Makefile: set GOBIN
       - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
       - Bump github.com/containers/storage from 1.15.1 to 1.15.2
       - Introduce the sync command
       - openshift cluster: remove .docker directory on teardown
       - Bump github.com/containers/storage from 1.14.0 to 1.15.1
       - document installation via apk on alpine
       - Fix typos in doc for image encryption
       - Image encryption/decryption support in skopeo
       - make vendor-in-container
       - Bump github.com/containers/buildah from 1.11.4 to 1.11.5
       - Travis: use go v1.13
       - Use a Windows Nano Server image instead of Server Core for multi-arch
         testing
       - Increase test timeout to 15 minutes
       - Run the test-system container without --net=host
       - Mount /run/systemd/journal/socket into test-system containers
       - Don't unnecessarily filter out vendor from (go list ./...)
         output
       - Use -mod=vendor in (go {list,test,vet})
       - Bump github.com/containers/buildah from 1.8.4 to 1.11.4
       - Bump github.com/urfave/cli from 1.20.0 to 1.22.1
       - skopeo: drop support for ostree
       - Don't critically fail on a 403 when listing tags
       - Revert "Temporarily work around auth.json location confusion"
       - Remove references to atomic
       - Remove references to storage.conf
       - Dockerfile: use golang-github-cpuguy83-go-md2man
       - bump version to v0.1.41-dev
       - systemtest: inspect container image different from current platform arch
    
       Changes in v0.1.40:
    
       - vendor containers/image v5.0.0
       - copy: add a --all/-a flag
       - System tests: various fixes
       - Temporarily work around auth.json location confusion
       - systemtest: copy: docker->storage->oci-archive
       - systemtest/010-inspect.bats: require only PATH
       - systemtest: add simple env test in inspect.bats
       - bash completion: add comments to keep scattered options in sync
       - bash completion: use read -r instead of disabling SC2207
       - bash completion: support --opt arg completion
       - bash-completion: use replacement instead of sed
       - bash completion: disable shellcheck SC2207
       - bash completion: double-quote to avoid re-splitting
       - bash completions: use bash replacement instead of sed
       - bash completion: remove unused variable
       - bash-completions: split decl and assignment to avoid masking retvals
       - bash completion: double-quote fixes
       - bash completion: hard-set PROG=skopeo
       - bash completion: remove unused variable
       - bash completion: use `||` instead of `-o`
       - bash completion: rm eval on assigned variable
       - copy: add --dest-compress-format and --dest-compress-level
       - flag: add optionalIntValue
       - Makefile: use go proxy
       - inspect --raw: skip the NewImage() step
       - update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
       - inspect.go: inspect env variables
       - ostree: use both image and & storage buildtags
    
    
       Update to skopeo v0.1.39 (bsc#1159530):
    
       - inspect: add a --config flag
       - Add --no-creds flag to skopeo inspect
       - Add --quiet option to skopeo copy
       - New progress bars
       - Parallel Pulls and Pushes for major speed improvements
       - containers/image moved to a new progress-bar library to fix various
         issues related to overlapping bars and redundant entries.
       - enforce blocking of registries
       - Allow storage-multiple-manifests
       - When copying images and the output is not a tty (e.g., when piping to a
         file) print single lines instead of using progress bars. This avoids
         long and hard to parse output
       - man pages: add --dest-oci-accept-uncompressed-layers
       - completions:
         - Introduce transports completions
         - Fix bash completions when a option requires a argument
         - Use only spaces in indent
          - Fix completions with a global option
         - add --dest-oci-accept-uncompressed-layers
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-377=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          skopeo-0.1.41-lp151.2.6.1
          skopeo-debuginfo-0.1.41-lp151.2.6.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-10214.html
       https://bugzilla.suse.com/1159530
       https://bugzilla.suse.com/1165715
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.