Unrated severityNVD Advisory· Published Jul 14, 2020· Updated Aug 4, 2024
CVE-2020-13847
CVE-2020-13847
Description
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
Affected products
6- Sylabs/Singularitydescription
- Range: >=3.0, <=3.5
- osv-coords4 versionspkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/singularity&distro=openSUSE%20Tumbleweedpkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2
< 3.6.0-lp151.2.6.1+ 3 more
- (no CPE)range: < 3.6.0-lp151.2.6.1
- (no CPE)range: < 3.6.0-lp152.2.3.1
- (no CPE)range: < 3.8.3-1.2
- (no CPE)range: < 3.6.0-bp152.2.4.1
Patches
Vulnerability mechanics
References
5- lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9vmitrex_refsource_MISC
- medium.com/sylabsmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.