Fedora Linux 8811 Published by

A skopeo security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: skopeo-1.2.0-3.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-7b6058fec9
2020-10-06 00:14:55.971279
--------------------------------------------------------------------------------

Name : skopeo
Product : Fedora 33
Version : 1.2.0
Release : 3.fc33
URL :   https://github.com/containers/skopeo
Summary : Inspect container images and repositories on registries
Description :
Command line utility to inspect images and repositories directly on Docker
registries without the need to pull them

--------------------------------------------------------------------------------
Update Information:

autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag
on account of prior faulty build_tag macro ---- Add back in capability
SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in
upstream kernel yet. ---- Remove dangerous capabilities by default. ----
Autobuilt v1.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 2 2020 Lokesh Mandvekar - 1:1.2.0-3
- Resolves: #1880094
- rebuild for bodhi sake
* Fri Oct 2 2020 Dan Walsh - 1:1.2.0-2
- Add SETFCAP back into default capabilities
* Thu Oct 1 2020 Lokesh Mandvekar - 1:1.2.0-1
- bump to v1.2.0
* Thu Oct 1 2020 Lokesh Mandvekar - 1:1.1.1-11
- fix skopeo gating test
* Mon Sep 28 2020 Lokesh Mandvekar - 1:1.1.1-10
- tests subpackage requires openssl
* Fri Sep 25 2020 Dan Walsh - 1:1.1.1-9
- Modify the range of groups used in net.ipv4.ping_group_range to be 1 so that
- it will work more easily with User Namespaces
- Also turn back on AUDIT_WRITE until seccomp.json file is fixed
* Wed Sep 23 2020 Lokesh Mandvekar - 1:1.1.1-8
- correct release tag on account of prior faulty build_tag macro
* Mon Sep 21 2020 RH Container Bot - 1:1.1.1-1
- autobuilt v1.1.1
* Mon Sep 21 2020 Dan Walsh - 1:1.1.1-7
- Add SYS_CHROOT back into default capabilities
* Mon Sep 21 2020 RH Container Bot - 1:1.1.1-1
- autobuilt v1.1.1
* Mon Sep 21 2020 Dan Walsh - 1:1.1.1-6
- Remove fchmodat2 from seccomp.json (This syscall does not exist yet)
* Thu Sep 17 2020 RH Container Bot - 1:1.1.1-1
- autobuilt v1.1.1
* Thu Sep 17 2020 Dan Walsh - 1:1.1.1-5
- Remove NET_RAW, SYS_CHROOT, MKNOD and AUDIT_WRITE from default list of capabilities
- Turn on ping for 65k users
* Sat Sep 12 2020 Dan Walsh - 1:1.1.1-4
- update man pages
- Update seccomp rules
- Update configuration files in containers-common
- Update configuration files in containers-storage
* Wed Sep 2 2020 RH Container Bot - 1:1.1.1-1
- autobuilt v1.1.1
* Mon Aug 10 2020 RH Container Bot - 1:1.1.1-30.dev.git0c2c7f4
- autobuilt 0c2c7f4
* Sun Aug 9 2020 RH Container Bot - 1:1.1.1-29.dev.git0f94dbc
- autobuilt 0f94dbc
* Sat Aug 8 2020 RH Container Bot - 1:1.1.1-28.dev.gitbaeaad6
- autobuilt baeaad6
* Fri Aug 7 2020 RH Container Bot - 1:1.1.1-27.dev.git78d2f67
- autobuilt 78d2f67
* Mon Aug 3 2020 RH Container Bot - 1:1.1.1-26.dev.gitc052ed7
- autobuilt c052ed7
* Mon Aug 3 2020 RH Container Bot - 1:1.1.1-25.dev.git5e88eb5
- autobuilt 5e88eb5
* Sun Aug 2 2020 Dan Walsh - 1:1.1.1-23.dev.git62fd5a7
- Update configuration files in containers-common
- Update configuration files in containers-storage
* Sat Aug 1 2020 Fedora Release Engineering - 1:1.1.1-23.dev.git62fd5a7
- Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 31 2020 RH Container Bot - 1:1.1.1-22.dev.git62fd5a7
- autobuilt 62fd5a7
* Thu Jul 30 2020 RH Container Bot - 1:1.1.1-21.dev.git6252c22
- autobuilt 6252c22
* Wed Jul 29 2020 Fedora Release Engineering - 1:1.1.1-20.dev.git153f18d
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 23 2020 RH Container Bot - 1:1.1.1-19.dev.git153f18d
- autobuilt 153f18d
* Sat Jul 18 2020 RH Container Bot - 1:1.1.1-18.dev.git494d237
- autobuilt 494d237
* Fri Jul 17 2020 RH Container Bot - 1:1.1.1-17.dev.git89fb89a
- autobuilt 89fb89a
* Thu Jul 16 2020 RH Container Bot - 1:1.1.1-16.dev.git29eec32
- autobuilt 29eec32
* Thu Jul 16 2020 RH Container Bot - 1:1.1.1-15.dev.git2fa7b99
- autobuilt 2fa7b99
* Sat Jul 11 2020 RH Container Bot - 1:1.1.1-14.dev.git6284ceb
- autobuilt 6284ceb
* Sat Jul 11 2020 RH Container Bot - 1:1.1.1-13.dev.git6e295a2
- autobuilt 6e295a2
* Fri Jul 10 2020 RH Container Bot - 1:1.1.1-12.dev.gitf63685f
- autobuilt f63685f
* Thu Jul 9 2020 RH Container Bot - 1:1.1.1-11.dev.gitdc5f68f
- autobuilt dc5f68f
* Thu Jul 9 2020 RH Container Bot - 1:1.1.1-10.dev.git840c487
- autobuilt 840c487
* Wed Jul 8 2020 RH Container Bot - 1:1.1.1-9.dev.gitee72e80
- autobuilt ee72e80
* Thu Jul 2 2020 RH Container Bot - 1:1.1.1-8.dev.git6182aa3
- autobuilt 6182aa3
* Wed Jul 1 2020 RH Container Bot - 1:1.1.1-7.dev.gitac6b871
- autobuilt ac6b871
* Tue Jun 30 2020 Dan Walsh - 1:1.1.1-6.dev.gitba8cbf5
- Update configuration files in containers-common
* Fri Jun 26 2020 RH Container Bot - 1:1.1.1-5.dev.gitba8cbf5
- autobuilt ba8cbf5
* Mon Jun 22 2020 RH Container Bot - 1:1.1.1-4.dev.git7815c8a
- autobuilt 7815c8a
* Mon Jun 22 2020 RH Container Bot - 1:1.1.1-3.dev.git233e61c
- autobuilt 233e61c
* Thu Jun 18 2020 RH Container Bot - 1:1.1.1-2.dev.git96bd4a0
- bump to 1.1.1
- autobuilt 96bd4a0
* Thu Jun 18 2020 RH Container Bot - 1:1.0.1-17.dev.git6b78619
- autobuilt 6b78619
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1874268 - CVE-2020-14370 podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
  https://bugzilla.redhat.com/show_bug.cgi?id=1874268
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7b6058fec9' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys