openSUSE Security Update: Security update for singularity
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1525-1
Rating:             moderate
References:         #1193273 
Cross-References:   CVE-2021-41190
CVSS scores:
                    CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for singularity fixes the following issues:

   Update to 3.8.5:

   - CVE-2021-41190: Fixed OCI manifest and index parsing confusion
     (boo#1193273).
   - Building Singularity from source requires go greater or equal 1.16. We
     now aim to support the two most recent stable versions of Go. This
     corresponds to the Go Release Maintenance Policy
   - Sourcing a script based on PATH is now permitted, fixing a regression
     introduced in 3.6.0.
   - Environment variables in container definition files are properly scoped,
     fixing a regression introduced in 3.8.0.
   - Fix the oras contexts to avoid hangs upon failed pushes to Harbor
     registry.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2021-1525=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64):

      singularity-3.8.5-bp153.2.10.1


References:

   https://www.suse.com/security/cve/CVE-2021-41190.html
   https://bugzilla.suse.com/1193273

openSUSE: 2021:1525-1 moderate: singularity

December 4, 2021
An update that fixes one vulnerability is now available

Description

This update for singularity fixes the following issues: Update to 3.8.5: - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (boo#1193273). - Building Singularity from source requires go greater or equal 1.16. We now aim to support the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy - Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0. - Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0. - Fix the oras contexts to avoid hangs upon failed pushes to Harbor registry.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2021-1525=1


Package List

- openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64): singularity-3.8.5-bp153.2.10.1


References

https://www.suse.com/security/cve/CVE-2021-41190.html https://bugzilla.suse.com/1193273


Severity
Announcement ID: openSUSE-SU-2021:1525-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP3 .

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved