Описание
Security update for singularity
This update for singularity fixes the following issues:
- CVE-2019-19724: Fixed incorrect file permissions on user configuration and cache directories (boo#1159550).
Список пакетов
openSUSE Leap 15.1
libsingularity1-2.6.1-lp151.2.3.1
singularity-2.6.1-lp151.2.3.1
singularity-devel-2.6.1-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0057-1
- SUSE Security Ratings
- SUSE Bug 1159550
- SUSE CVE CVE-2019-19724 page
Описание
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Затронутые продукты
openSUSE Leap 15.1:libsingularity1-2.6.1-lp151.2.3.1
openSUSE Leap 15.1:singularity-2.6.1-lp151.2.3.1
openSUSE Leap 15.1:singularity-devel-2.6.1-lp151.2.3.1
Ссылки
- CVE-2019-19724
- SUSE Bug 1159550