openSUSE Security Update: Security update for singularity
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3316-1
Rating:             moderate
References:         #1100333 
Cross-References:   CVE-2018-12021
Affected Products:
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:



   Singularity was updated to version 2.6.0, bringing features, bugfixes and
   security fixes.

   Security issues fixed:

   - CVE-2018-12021: Fixed access control on systems supporting overlay file
     system (boo#1100333).

   Highlights of 2.6.0:

   - Allow admin to specify a non-standard location for mksquashfs binary at
     build time with '--with-mksquashfs' option #1662
   - '--nv' option will use
     [nvidia-container-cli](https://github.com/NVIDIA/libnvidia-container) if
     installed #1681
   - [nvliblist.conf]
   (     onf) now has a section for binaries #1681
   - '--nv' can be made default with all action commands in singularity.conf
     #1681
   - '--nv' can be controlled by env vars '$SINGULARITY_NV' and
     '$SINGULARITY_NV_OFF' #1681
   - Restore shim init process for proper signal handling and child reaping
     when container is initiated in its own PID namespace #1221
   - Add '-i' option to image.create to specify the inode ratio. #1759
   - Bind '/dev/nvidia*' into the container when the '--nv' flag is used in
     conjuction with the '--contain' flag #1358
   - Add '--no-home' option to not mount user $HOME if it is not the $CWD and
     'mount home = yes' is set. #1761
   - Added support for OAUTH2 Docker registries like Azure Container Registry
     #1622

   Highlights of 2.5.2:

   - a new `build` command was added to replace `create` + `bootstrap`
   - default image format is squashfs, eliminating the need to specify a size
   - a `localimage` can be used as a build base, including ext3, sandbox, and
     other squashfs images
   - singularity hub can now be used as a base with the uri
   - Restore docker-extract aufs whiteout handling that implements correct
     extraction of docker container layers.

   Bug fixes:

   - Fix 404 when using Arch Linux bootstrap #1731
   - Fix environment variables clearing while starting instances #1766
   - several more bug fixes, see CHANGELOG.md for details


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2018-1223=1

   - openSUSE Backports SLE-15:

      zypper in -t patch openSUSE-2018-1223=1



Package List:

   - openSUSE Leap 15.0 (x86_64):

      libsingularity1-2.6.0-lp150.2.3.1
      libsingularity1-debuginfo-2.6.0-lp150.2.3.1
      singularity-2.6.0-lp150.2.3.1
      singularity-debuginfo-2.6.0-lp150.2.3.1
      singularity-debugsource-2.6.0-lp150.2.3.1
      singularity-devel-2.6.0-lp150.2.3.1

   - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

      libsingularity1-2.6.0-bp150.3.3.1
      singularity-2.6.0-bp150.3.3.1
      singularity-devel-2.6.0-bp150.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-12021.html
   https://bugzilla.suse.com/1100333

--

openSUSE: 2018:3316-1: moderate: singularity

October 23, 2018
An update that fixes one vulnerability is now available.

Description

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed: - CVE-2018-12021: Fixed access control on systems supporting overlay file system (boo#1100333). Highlights of 2.6.0: - Allow admin to specify a non-standard location for mksquashfs binary at build time with '--with-mksquashfs' option #1662 - '--nv' option will use [nvidia-container-cli](https://github.com/NVIDIA/libnvidia-container) if installed #1681 - [nvliblist.conf] ( onf) now has a section for binaries #1681 - '--nv' can be made default with all action commands in singularity.conf #1681 - '--nv' can be controlled by env vars '$SINGULARITY_NV' and '$SINGULARITY_NV_OFF' #1681 - Restore shim init process for proper signal handling and child reaping when container is initiated in its own PID namespace #1221 - Add '-i' option to image.create to specify the inode ratio. #1759 - Bind '/dev/nvidia*' into the container when the '--nv' flag is used in conjuction with the '--contain' flag #1358 - Add '--no-home' option to not mount user $HOME if it is not the $CWD and 'mount home = yes' is set. #1761 - Added support for OAUTH2 Docker registries like Azure Container Registry #1622 Highlights of 2.5.2: - a new `build` command was added to replace `create` + `bootstrap` - default image format is squashfs, eliminating the need to specify a size - a `localimage` can be used as a build base, including ext3, sandbox, and other squashfs images - singularity hub can now be used as a base with the uri - Restore docker-extract aufs whiteout handling that implements correct extraction of docker container layers. Bug fixes: - Fix 404 when using Arch Linux bootstrap #1731 - Fix environment variables clearing while starting instances #1766 - several more bug fixes, see CHANGELOG.md for details

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1223=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2018-1223=1


Package List

- openSUSE Leap 15.0 (x86_64): libsingularity1-2.6.0-lp150.2.3.1 libsingularity1-debuginfo-2.6.0-lp150.2.3.1 singularity-2.6.0-lp150.2.3.1 singularity-debuginfo-2.6.0-lp150.2.3.1 singularity-debugsource-2.6.0-lp150.2.3.1 singularity-devel-2.6.0-lp150.2.3.1 - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): libsingularity1-2.6.0-bp150.3.3.1 singularity-2.6.0-bp150.3.3.1 singularity-devel-2.6.0-bp150.3.3.1


References

https://www.suse.com/security/cve/CVE-2018-12021.html https://bugzilla.suse.com/1100333--


Severity
Announcement ID: openSUSE-SU-2018:3316-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 openSUSE Backports SLE-15

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved