RLSA-2024:2549 --- skopeoID: oval:org.secpod.oval:def:5800264 | Date: (C)2024-05-21 (M)2024-05-21 |
Class: PATCH | Family: unix |
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix: * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON Bug Fix: * TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] - Rocky Linux 9.4 0day * skopeo: jose-go: improper handling of highly compressed data [rhel-9]