CVE-2024-28180 Affecting skopeo-tests package, versions <2:1.14.3-2.el9_4
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ALMALINUX9-SKOPEOTESTS-6811257
- published 7 May 2024
- disclosed 11 Jun 2024
Introduced: 7 May 2024
CVE-2024-28180 Open this link in a new tabHow to fix?
Upgrade AlmaLinux:9
skopeo-tests
to version 2:1.14.3-2.el9_4 or higher.
This issue was patched in ALSA-2024:2549
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream skopeo-tests
package and not the skopeo-tests
package as distributed by AlmaLinux
.
See How to fix?
for AlmaLinux:9
relevant fixed versions and status.
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
References
- https://errata.almalinux.org/9/ALSA-2024-2549.html
- https://errata.almalinux.org/8/ALSA-2024-3254.html
- https://errata.almalinux.org/9/ALSA-2024-3826.html
- https://errata.almalinux.org/9/ALSA-2024-3827.html
- https://errata.almalinux.org/8/ALSA-2024-3968.html
- https://access.redhat.com/security/cve/CVE-2024-28180
- https://access.redhat.com/errata/RHSA-2024:2549
- https://access.redhat.com/errata/RHSA-2024:3254
- https://access.redhat.com/errata/RHSA-2024:3826
- https://access.redhat.com/errata/RHSA-2024:3827
- https://access.redhat.com/errata/RHSA-2024:3968
- https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298
- https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a
- https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502
- https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/