openSUSE-SU-2021:0810-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0810-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0810-1
Related
Published
2021-05-30T12:05:05Z
Modified
2021-05-30T12:05:05Z
Summary
Security update for singularity
Details

This update for singularity fixes the following issues:

singularity was updated to version 3.7.3:

  • Fix for CVE-2021-29136: A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name '.' (or '/'), when running as root.
References

Affected packages

SUSE:Package Hub 15 SP2 / singularity

Package

Name
singularity
Purl
pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.3-bp152.2.19.3

Ecosystem specific 

{
    "binaries": [
        {
            "singularity": "3.7.3-bp152.2.19.3"
        }
    ]
}