Unspecified Vulnerability in Sylabs Singularity (CNVD-2020-52437)

Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.0 through 3.5, which stems from a lack of integrity checks in the program. A remote attacker could exploit the vulnerability by sending a specially...

Unspecified Vulnerability in Sylabs Singularity (CNVD-2020-52438)

Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.0 through 3.5. An attacker can exploit the vulnerability to bypass ECL protection...

Unspecified Vulnerability in Sylabs Singularity

Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.5.0 through 3.5.3. An attacker can exploit the vulnerability to run arbitrary SIF containers...

openSUSE Security Update : singularity (openSUSE-2020-1011)

This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1011-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1011-1 Security update for singularity

This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1011-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities ...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...

CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...

UBUNTU-CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

Input validation

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...

CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

UBUNTU-CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...

Code injection

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

UBUNTU-CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code...

Design/Logic Flaw

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...