9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.8%
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 9 | aarch64 | skopeo-debuginfo | < 1.13.3-1.el9 | skopeo-debuginfo-1.13.3-1.el9.aarch64.rpm |
RedHat | 9 | ppc64le | skopeo | < 1.13.3-1.el9 | skopeo-1.13.3-1.el9.ppc64le.rpm |
RedHat | 9 | aarch64 | skopeo-tests | < 1.13.3-1.el9 | skopeo-tests-1.13.3-1.el9.aarch64.rpm |
RedHat | 9 | s390x | skopeo-debugsource | < 1.13.3-1.el9 | skopeo-debugsource-1.13.3-1.el9.s390x.rpm |
RedHat | 9 | ppc64le | skopeo-debugsource | < 1.13.3-1.el9 | skopeo-debugsource-1.13.3-1.el9.ppc64le.rpm |
RedHat | 9 | x86_64 | skopeo | < 1.13.3-1.el9 | skopeo-1.13.3-1.el9.x86_64.rpm |
RedHat | 9 | s390x | skopeo | < 1.13.3-1.el9 | skopeo-1.13.3-1.el9.s390x.rpm |
RedHat | 9 | aarch64 | skopeo-debugsource | < 1.13.3-1.el9 | skopeo-debugsource-1.13.3-1.el9.aarch64.rpm |
RedHat | 9 | x86_64 | skopeo-tests | < 1.13.3-1.el9 | skopeo-tests-1.13.3-1.el9.x86_64.rpm |
RedHat | 9 | s390x | skopeo-debuginfo | < 1.13.3-1.el9 | skopeo-debuginfo-1.13.3-1.el9.s390x.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.8%