7 matches found
SUSE CVE-2020-25040
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039...
OPENSUSE-SU-2020:1529-1 Security update for singularity
This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo1176705 When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a...
Security update for singularity (moderate)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1529-1 Rating: moderate References: 1176705 1176707 Cross-References: CVE-2020-25039 CVE-2020-25040 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now availabl...
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1497-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : singularity (openSUSE-2020-1497)
This update for singularity fixes the following issues : New version 3.6.3, addresses the following security issues : - CVE-2020-25039, boo1176705 When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a...
Security update for singularity (moderate)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1497-1 Rating: moderate References: 1176705 1176707 Cross-References: CVE-2020-25039 CVE-2020-25040 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
CVE-2020-25040
CVE-2020-25040 affects Sylabs Singularity prior to 3.6.3, with insecure permissions on temporary directories during container build operations, enabling a logged-in user to read image contents and potentially inject content if world-writable files exist. Public advisories (openSUSE/SLE updates) s...