rpm package
opensuse/singularity-ce&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/singularity-ce&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3727 | Hig | 8.3 | < 4.1.3-1.1 | 4.1.3-1.1 | May 14, 2024 | A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. | |
| CVE-2024-23653 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th | ||
| CVE-2024-23652 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o | ||
| CVE-2024-23651 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste | ||
| CVE-2024-23650 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 31, 2024 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a | ||
| CVE-2024-21626 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 31, 2024 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h | ||
| CVE-2022-23538 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Jan 17, 2023 | github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library servic | ||
| CVE-2022-39237 | — | < 4.1.3-1.1 | 4.1.3-1.1 | Oct 6, 2022 | syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is ava |
- affected < 4.1.3-1.1fixed 4.1.3-1.1
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
- CVE-2024-23653Jan 31, 2024affected < 4.1.3-1.1fixed 4.1.3-1.1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th
- CVE-2024-23652Jan 31, 2024affected < 4.1.3-1.1fixed 4.1.3-1.1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o
- CVE-2024-23651Jan 31, 2024affected < 4.1.3-1.1fixed 4.1.3-1.1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste
- CVE-2024-23650Jan 31, 2024affected < 4.1.3-1.1fixed 4.1.3-1.1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a
- CVE-2024-21626Jan 31, 2024affected < 4.1.3-1.1fixed 4.1.3-1.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h
- CVE-2022-23538Jan 17, 2023affected < 4.1.3-1.1fixed 4.1.3-1.1
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library servic
- CVE-2022-39237Oct 6, 2022affected < 4.1.3-1.1fixed 4.1.3-1.1
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is ava