(RHSA-2020:1230) Moderate: skopeo security and bug fix update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

• proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Skopeo doesn’t handle HTTP 429 errors properly (BZ#1752775)

• skopeo does not show manifest manifest.list.v2 for special cases (BZ#1754905)

• skopeo inspect results in panic: runtime error: invalid memory address or nil pointer dereference (BZ#1769575)

• skopeo should be linked against gpgme-pthread (BZ#1793080)

• docker won’t start because registries service won’t start (BZ#1812505)