Overview

File _patchinfo of Package patchinfo.28991

<patchinfo incident="28991">
  <issue tracker="cve" id="2023-2253"/>
  <issue tracker="bnc" id="1207705">VUL-0: CVE-2023-2253: distribution,docker-distribution: Catalog Endpoint can lead to OOM by user input</issue>
  <issue tracker="bnc" id="1210428">VUL-0: distribution: go1.16 is EOL</issue>
  <packager>dirkmueller</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for distribution</summary>
  <description>This update for distribution fixes the following issues:

Update to verison 2.8.2:

- Revert registry/client: set `Accept: identity` header when getting layers
- Parse `http` forbidden as denied
- Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705)
- Fix panic in inmemory driver
- update to go1.19.9
- Add code to handle pagination of parts. Fixes max layer size of 10GB bug
- Dockerfile: fix filenames of artifacts
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places