SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2024:1497-1)

high Nessus Plugin ID 195106

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1497-1 advisory.

- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)

- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev

- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0

- Bump go version to 1.21 (bsc#1215611)

- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev

- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev

- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected skopeo package.

See Also

https://bugzilla.suse.com/1215611

https://bugzilla.suse.com/1219563

https://lists.suse.com/pipermail/sle-updates/2024-May/035145.html

Plugin Details

Severity: High

ID: 195106

File Name: suse_SU-2024-1497-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/7/2024

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:skopeo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/6/2024

Vulnerability Publication Date: 5/6/2024

Reference Information

SuSE: SUSE-SU-2024:1497-1