openSUSE: 2020:0377-1: moderate: skopeo

    Date25 Mar 2020
    Posted ByLinuxSecurity Advisories
    An update that solves one vulnerability and has one errata is now available.
       openSUSE Security Update: Security update for skopeo
    Announcement ID:    openSUSE-SU-2020:0377-1
    Rating:             moderate
    References:         #1159530 #1165715 
    Cross-References:   CVE-2019-10214
    Affected Products:
                        openSUSE Leap 15.1
       An update that solves one vulnerability and has one errata
       is now available.
       This update for skopeo fixes the following issues:
       Update to skopeo v0.1.41 (bsc#1165715):
       - Bump from 5.2.0 to 5.2.1
       - Bump from 2.2.7 to 2.2.8
       - Bump from 0.0.7 to 0.1.4
       - Remove the reference to openshift/api
       - vendor
       - Manually update buildah to v1.13.1
       - add specific authfile options to copy (and sync) command.
       - Bump from 1.11.6 to 1.12.0
       - Add context to --encryption-key / --decryption-key processing failures
       - Bump from 1.15.2 to 1.15.3
       - Bump from 1.11.5 to 1.11.6
       - remove direct reference on c/image/storage
       - Makefile: set GOBIN
       - Bump from 2.2.2 to 2.2.7
       - Bump from 1.15.1 to 1.15.2
       - Introduce the sync command
       - openshift cluster: remove .docker directory on teardown
       - Bump from 1.14.0 to 1.15.1
       - document installation via apk on alpine
       - Fix typos in doc for image encryption
       - Image encryption/decryption support in skopeo
       - make vendor-in-container
       - Bump from 1.11.4 to 1.11.5
       - Travis: use go v1.13
       - Use a Windows Nano Server image instead of Server Core for multi-arch
       - Increase test timeout to 15 minutes
       - Run the test-system container without --net=host
       - Mount /run/systemd/journal/socket into test-system containers
       - Don't unnecessarily filter out vendor from (go list ./...)
       - Use -mod=vendor in (go {list,test,vet})
       - Bump from 1.8.4 to 1.11.4
       - Bump from 1.20.0 to 1.22.1
       - skopeo: drop support for ostree
       - Don't critically fail on a 403 when listing tags
       - Revert "Temporarily work around auth.json location confusion"
       - Remove references to atomic
       - Remove references to storage.conf
       - Dockerfile: use golang-github-cpuguy83-go-md2man
       - bump version to v0.1.41-dev
       - systemtest: inspect container image different from current platform arch
       Changes in v0.1.40:
       - vendor containers/image v5.0.0
       - copy: add a --all/-a flag
       - System tests: various fixes
       - Temporarily work around auth.json location confusion
       - systemtest: copy: docker->storage->oci-archive
       - systemtest/010-inspect.bats: require only PATH
       - systemtest: add simple env test in inspect.bats
       - bash completion: add comments to keep scattered options in sync
       - bash completion: use read -r instead of disabling SC2207
       - bash completion: support --opt arg completion
       - bash-completion: use replacement instead of sed
       - bash completion: disable shellcheck SC2207
       - bash completion: double-quote to avoid re-splitting
       - bash completions: use bash replacement instead of sed
       - bash completion: remove unused variable
       - bash-completions: split decl and assignment to avoid masking retvals
       - bash completion: double-quote fixes
       - bash completion: hard-set PROG=skopeo
       - bash completion: remove unused variable
       - bash completion: use `||` instead of `-o`
       - bash completion: rm eval on assigned variable
       - copy: add --dest-compress-format and --dest-compress-level
       - flag: add optionalIntValue
       - Makefile: use go proxy
       - inspect --raw: skip the NewImage() step
       - update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
       - inspect.go: inspect env variables
       - ostree: use both image and & storage buildtags
       Update to skopeo v0.1.39 (bsc#1159530):
       - inspect: add a --config flag
       - Add --no-creds flag to skopeo inspect
       - Add --quiet option to skopeo copy
       - New progress bars
       - Parallel Pulls and Pushes for major speed improvements
       - containers/image moved to a new progress-bar library to fix various
         issues related to overlapping bars and redundant entries.
       - enforce blocking of registries
       - Allow storage-multiple-manifests
       - When copying images and the output is not a tty (e.g., when piping to a
         file) print single lines instead of using progress bars. This avoids
         long and hard to parse output
       - man pages: add --dest-oci-accept-uncompressed-layers
       - completions:
         - Introduce transports completions
         - Fix bash completions when a option requires a argument
         - Use only spaces in indent
          - Fix completions with a global option
         - add --dest-oci-accept-uncompressed-layers
       This update was imported from the SUSE:SLE-15:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Leap 15.1:
          zypper in -t patch openSUSE-2020-377=1
    Package List:
       - openSUSE Leap 15.1 (x86_64):

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.