CVSS3 base score: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2 base score: 9 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for singularity fixes the following issues:
New version 3.6.0. This version introduces a new signature format for
SIF images, and changes to the signing / verification code to address
the following security problems:
New features / functionalities
Changed defaults / behaviours
- New signature format (see security fixes above).
- Fixed spacing of singularity instance list to be dynamically changing
based off of input lengths instead of fixed number of spaces to account
for long instance names.
- Environment variables prefixed with SINGULARITYENV_ always take
precedence over variables without SINGULARITYENV_ prefix.
- The %post build section inherits environment variables from the base
image.
- %files from … will now follow symlinks for sources that are directly
specified, or directly resolved from a glob pattern. It will not follow
symlinks found through directory traversal. This mirrors Docker
multi-stage COPY behaviour.
- Restored the CWD mount behaviour of v2, implying that CWD path is not
recreated inside container and any symlinks in the CWD path are not
resolved anymore to determine the destination path inside container.
- The %test build section is executed in the same manner as singularity test
image.
- --fusemount with the container: default directive will foreground the
FUSE process. Use container-daemon: for previous behavior.
- Deprecate -a / --all option to sign/verify as new signature behavior
makes this the default.
- Removed --name flag for cache clean; replaced with --days.
For more information about upstream changes, please check:
https://github.com/hpcng/singularity/blob/master/CHANGELOG.md
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1037=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm |