Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-39237

Опубликовано: 06 окт. 2022
Источник: debian

Описание

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-github-sylabs-siffixed2.8.3-1package
golang-github-sylabs-sifno-dsabullseyepackage
singularity-containerfixed3.10.3+ds1-1package

Примечания

  • https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8

  • https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 (v2.8.1)

  • https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1)

Связанные уязвимости

ubuntu логотип

CVE-2022-39237

CVSS3: 6.3
ubuntu
больше 3 лет назад

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

nvd логотип

CVE-2022-39237

CVSS3: 6.3
nvd
больше 3 лет назад

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

github логотип

GHSA-m5m3-46gj-wch8

CVSS3: 6.3
github
больше 3 лет назад

SIF's Digital Signature Hash Algorithms Not Validated

suse-cvrf логотип

openSUSE-SU-2023:0018-1

suse-cvrf
около 3 лет назад

Security update for apptainer