VYPR

rpm package

suse/singularity&distro=SUSE Package Hub 15 SP2

pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2

Vulnerabilities (7)

  • CVE-2021-29136Apr 6, 2021
    affected < 3.7.3-bp152.2.19.3fixed 3.7.3-bp152.2.19.3

    Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.

  • CVE-2020-15229Oct 14, 2020
    affected < 3.6.4-bp152.2.12.1fixed 3.6.4-bp152.2.12.1

    Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the e

  • CVE-2020-25040Sep 16, 2020
    affected < 3.6.3-bp152.2.8.1fixed 3.6.3-bp152.2.8.1

    Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

  • CVE-2020-25039Sep 16, 2020
    affected < 3.6.3-bp152.2.8.1fixed 3.6.3-bp152.2.8.1

    Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

  • CVE-2020-13846Jul 14, 2020
    affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1

    Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

  • CVE-2020-13845Jul 14, 2020
    affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1

    Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cr

  • CVE-2020-13847Jul 14, 2020
    affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1

    Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.