Oracle Linux 9 : skopeo (ELSA-2023-2283)

Nessus Plugin ID 175703 (severity: low)

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2283 advisory.

[2:1.11.2-0.1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/3f98753)
- Related: #2124478

[2:1.11.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.11.1
- Related: #2124478

[2:1.11.0-1]
- update to 1.11.0 release
- Related: #2124478

[2:1.11.0-0.4]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/b3b2c73)
- Related: #2124478

[2:1.11.0-0.3]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fe15a36)
- Related: #2124478

[2:1.11.0-0.2]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8e09e64)
- Related: #2124478

[2:1.11.0-0.1]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2817510)
- Related: #2124478

[2:1.10.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.10.0
- Related: #2124478

[2:1.9.3-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.9.3
- Related: #2124478

[2:1.9.2-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.9.2
- Related: #2061316

[2:1.9.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.9.1
- Related: #2061316

[2:1.9.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.9.0
- Related: #2061316

[2:1.8.0-4]
- Re-enable debuginfo
- Related: #2061316

[2:1.8.0-3]
- BuildRequires: /usr/bin/go-md2man
- Related: #2061316

[2:1.8.0-2]
- enable LTO
- Related: #1988128

[2:1.8.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.8.0
- Related: #2061316

[2:1.7.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.7.0
- Related: #2061316

[2:1.6.1-4]
- add tags: classic (Ed Santiago)
- Related: #2061316

[2:1.6.1-3]
- remove BATS from required packages (Ed Santiago)
- Related: #2061316

[2:1.6.1-2]
- be sure to install BATS before gating tests are executed (thanks to Ed Santiago)
- Related: #2061316

[2:1.6.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.6.1
- Related: #2000051

[2:1.6.0-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.6.0
- Related: #2000051

[2:1.5.2-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.5.2
- Related: #2000051

[2:1.5.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.5.1
- Related: #2000051

[2:1.5.1-0.9]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/4acc9f0)
- Related: #2000051

[2:1.5.1-0.8]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c2732cb)
- Related: #2000051

[2:1.5.1-0.7]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/01e58f8)
- Related: #2000051

[2:1.5.1-0.6]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8f64c04)
- Related: #2000051

[2:1.5.1-0.5]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8182255)
- Related: #2000051

[2:1.5.1-0.4]
- bump Epoch to preserve upgrade patch from RHEL8
- Related: #2000051

[1:1.5.1-0.3]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/9c9a9f3)
- Related: #2000051

[1:1.5.1-0.2]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/116e75f)
- Related: #2000051

[1:1.5.1-0.1]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fc81803)
- Related: #2000051

[1:1.4.1-0.14]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/ff88d3f)
- Related: #2000051

[1:1.4.1-0.13]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/a95b0cc)
- Related: #2000051

[1:1.4.1-0.12]
- add skopeo tests from Fedora
- Related: #2000051

[1:1.4.1-0.11]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/53cf287)
- Related: #2000051

[1:1.4.1-0.10]
- add gating.yaml
- Related: #2000051

[1:1.4.1-0.9]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/86fa758)
- Related: #2000051

[1:1.4.1-0.8]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2c2e5b7)
- Related: #2000051

[1:1.4.1-0.7]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/25d3e7b)
- Related: #2000051

[1:1.4.1-0.6]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c5a5199)
- Related: #2000051

[1:1.4.1-0.5]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/db1e814)
- Related: #2000051

[1:1.4.1-0.4]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/31b8981)
- Related: #2000051

[1:1.4.1-0.3]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/177443f)
- Related: #2000051

[1:1.4.1-0.2]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/30f208e)
- Related: #2000051

[1:1.4.1-0.1]
- update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/47b8082)
- Related: #2000051

[1:1.4.1-1]
- rebuild with containers-common dep fixed
- Related: #2000051

[1:1.4.0-7]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Related: rhbz#1991688

[1:1.4.0-6]
- be sure short-name-mode is permissive in RHEL8
- Related: #1970747

[1:1.4.0-5]
- don't define short-name-mode in RHEL8
- Related: #1970747

[1:1.4.0-4]
- put both RHEL8 and RHEL9 conditional configurations into update.sh
- Related: #1970747

[1:1.4.0-3]
- update vendored components
- always require runc on RHEL8 or lesser
- Related: #1970747

[1:1.4.0-2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.4 (https://github.com/containers/skopeo/commit/a44da44)
- Related: #1970747

[1:1.4.0-1]
- update to 1.4.0 release and switch to the release-1.4 maint branch
- Related: #1970747

[1:1.4.0-0.2]
- update vendored components
- ship /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release only on non-RHEL and CentOS distros
- Related: #1970747

[1:1.4.0-0.1]
- switch to the main branch of skopeo
- Related: #1970747

[1:1.3.1-9]
- Add support for signed RHEL images, enabled by default
- Related: #1970747

[1:1.3.1-8]
- update seccomp.json from Fedora to allow clone3 to pass
- Related: #1970747

[1:1.3.1-7]
- update shortnames from Pyxis
- put RHEL9/UBI9 images into overrides
- Related: #1970747

[1:1.3.1-6]
- correct name of the option is 'short-name-mode' not 'short-names-mode'
- Related: #1970747

[1:1.3.1-5]
- handle CentOS Stream while updating vendored components
- Related: #1970747

[1:1.3.1-4]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.3 (https://github.com/containers/skopeo/commit/038f70e)
- Related: #1970747

[1:1.3.1-3]
- update registries.conf to be consistent with upstream
- Related: #1970747

[1:1.3.1-2]
- consume content from the release-1.3 upstream branch
- Related: #1970747

[1:1.3.1-1]
- update to https://github.com/containers/skopeo/releases/tag/v1.3.1
- Related: #1970747

[1:1.3.0-7]
- Rebuilt for RHEL 9 BETA for openssl 3.0
- Related: rhbz#1971065

[1:1.3.0-6]
- set short-names-mode = 'enforcing' in registries.conf
- Resolves: #1971752

[1:1.3.0-5]
- configure for RHEL9
- Related: #1970747

[1:1.3.0-4]
- add missing containers-mounts.conf.5.md file to git
- don't list/install the same doc twice
- Related: #1970747

[1:1.3.0-3]
- update to new versions of vendored components
- fail if there is an issue in communication with Pyxis API
- understand devel branch in update.sh script, use pkg wrapper
- sync with Pyxis
- use containers-mounts.conf.5.md from containers/common
- Related: #1970747

[1:1.2.2-4]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021.
- Related: rhbz#1947937

[1:1.2.2-3]
- disable LTO again

[1:1.2.2-2]
- use rhel-shortnames only from trusted registries
- sync with config files from current versions of vendored projects

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected skopeo and / or skopeo-tests packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-2283.html

Plugin Details

Severity: Low

ID: 175703

File Name: oraclelinux_ELSA-2023-2283.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/15/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2022-30629

CVSS v3

Risk Factor: Low

Base Score: 3.1

Temporal Score: 2.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:skopeo-tests, p-cpe:/a:oracle:linux:skopeo, cpe:/o:oracle:linux:9

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2023

Vulnerability Publication Date: 6/7/2022

Reference Information

CVE: CVE-2022-30629, CVE-2022-41717

IAVB: 2022-B-0059-S