Privilege Escalation
singularity-container is vulnerable to privilege escalation. The vulnerability exists because Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file, allowing a malicious user to manipulate data without having a proper...
Business Logic Errors
Sylabs Singularity is vulnerable to business logic errors. The vulnerability exists because it fails to report an error in a Status Code which allows an attacker to cause an exploit...
Privilege Escalation
singularity-container is vulnerable to privilege escalation. The library contains an incorrect check of a function's return value, allowing attackers to gain elevated privileges...
Mageia: Security Advisory (MGASA-2022-0006)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
GLSA-202107-50 : Singularity: Remote code execution
The remote host is affected by the vulnerability described in GLSA-202107-50 (Singularity: Remote code execution). Singularity always uses the default remote endpoint, cloud.sylabs.io, for action commands using the library:// URI rather than the configured remote endpoint. Impact: An attacker that...
MGASA-2022-0006 Updated singularity packages fix security vulnerability
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root (CVE-2021-29136). Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifyin...
Updated singularity packages fix security vulnerability
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root (CVE-2021-29136). Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifyin...
[SECURITY] Fedora 35 Update: singularity-3.8.5-2.fc35
Singularity provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 34 Update: singularity-3.8.5-2.fc34
Singularity provides functionality to make portable containers that can be used across host environments...
Fedora: Security Advisory for singularity (FEDORA-2021-7333cffa91)
The remote host is missing an update for the...
Fedora: Security Advisory for singularity (FEDORA-2021-f6e491390b)
The remote host is missing an update for the...
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Impact: Insecure permissions on temporary directories used in fakeroot or user namespace container execution. When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to...
GHSA-W6V2-QCHM-GRJ7 Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Impact: Insecure permissions on temporary directories used in fakeroot or user namespace container execution. When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to...
GHSA-557G-R22W-9WVX Incorrect Permission Assignment for Critical Resource in Singularity
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2. A malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...
Incorrect Permission Assignment for Critical Resource in Singularity
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2. A malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...
"Verify All" Returns Success Despite Validation Failures in Singularity
Impact: The --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. The SIF objects that are not verified are reported in WARNING log messages, but a Container Verified message and exit code of 0 are returned. Workflo...
GHSA-6W7G-P4JH-RF92 "Verify All" Returns Success Despite Validation Failures in Singularity
Impact: The --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. The SIF objects that are not verified are reported in WARNING log messages, but a Container Verified message and exit code of 0 are returned. Workflo...
Execution Control List (ECL) Is Insecure in Singularity
Impact: The Singularity Execution Control List (ECL) allows system administrators to set up a policy that defines rules about what signatures must be or must not be present on a SIF container image for it to be permitted to run. In Singularity 3.x versions below 3.6.0, the following issues allow the...
GHSA-PMFR-63C2-JR5C Execution Control List (ECL) Is Insecure in Singularity
Impact: The Singularity Execution Control List (ECL) allows system administrators to set up a policy that defines rules about what signatures must be or must not be present on a SIF container image for it to be permitted to run. In Singularity 3.x versions below 3.6.0, the following issues allow the...
OPENSUSE-SU-2021:1525-1 Security update for singularity
This update for singularity fixes the following issues: Update to 3.8.5: - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (boo#1193273). - Building Singularity from source requires Go greater than or equal to 1.16. We now aim to support the two most recent stable versions of Go. This...