Privilege Escalation

Singularity is vulnerable to privilege escalation. The vulnerability exists because a malicious user with local network access to the host system may change the behavior of the starter-suid program which could result in potential privilege escalation. The attacker is able to perform this due to t...

CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

Privilege escalation

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVE-2019-11328

CVE-2019-11328 affects Singularity 3.1.0–3.2.0-rc2, where insecure permissions in /run/singularity/instances/sing// could allow a local attacker to influence starter-suid and escalate privileges on the host. Public documents indicate a remediation path via upgrading to a newer Singularity release...

CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVE-2019-11328

Removed by vendor...

Fedora Update for singularity FEDORA-2018-6189ba2d87

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : singularity (openSUSE-2019-811)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed : - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0 : - Allow admin to specify a non-standard location for mksquashfs bina...

OPENSUSE-SU-2019:0009-1 Security update for singularity

This update for singularity to version 2.6.1 fixes the following issues: Security issues fixed: - CVE-2018-19295: Fixed a local root exploit, related to joining arbitrary mount namespaces boo1111411...

au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +44 more potentially affected by CVE-2018-11793 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.4.2)

org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =0.0.3, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =1.5.0 and more Source cves: CVE-2018-11793 Source advisory: OSV:GHSA-P2XQ-VCM7-XJJ6...

OPENSUSE-SU-2019:0095-1 Security update for singularity

This update for singularity to version 2.6.1 fixes the following issues: Security issues fixed: - CVE-2018-19295: Mount points are not mounted with shared mount propagation by default anymore, as this may result in privilege escalation boo1111411. - CVE-2018-12021: Fixed a incorrect access contro...

Security update for singularity (moderate)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2019:0095-1 Rating: moderate References: 1100333 1111411 Cross-References: CVE-2018-12021 CVE-2018-19295 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes two vulnerabilities...

openSUSE: Security Advisory for singularity (openSUSE-SU-2019:0009-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : singularity (openSUSE-2019-9)

This update for singularity to version 2.6.1 fixes the following issues : Security issues fixed : - CVE-2018-19295: Fixed a local root exploit, related to joining arbitrary mount namespaces boo1111411. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2019:0009-1 Rating: important References: 1111411 Cross-References: CVE-2018-19295 Affected Products: openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now available...

Fedora 28 : singularity (2018-da87b1e643)

This rebases singularity from 2.2.1 to 2.5.1, which should include all corresponding updates n.b. a request for rebase permission has been put into FESCo; hence auto-push has been disabled until they approve. Please test for functionality and backward compatibility issues, particularly around the...

Fedora 28 : singularity (2018-ae8d35651b)

Update to released upstream 2.6.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 29 : singularity (2018-6189ba2d87)

Update to released upstream 2.6.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 28 : singularity (2018-d7125c3900)

This is a straightforward update from 2.5.1 to the newly-released 2.5.2. Release notes are here : https://github.com/singularityware/singularity/releases/tag/2.5.2 The most important fix is a security issue in the overlay code. Please look for regressions in your Singularity runtime workflows. No...