UBUNTU-CVE-2021-29499
- Source
- https://ubuntu.com/security/CVE-2021-29499
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-29499.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-29499
- Related
- Published
- 2021-05-07T21:15:00Z
- Modified
- 2025-01-13T10:22:32Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
SIF is an open source implementation of the Singularity Container Image Format. The
siftool newcommand and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of thegithub.com/satori/go.uuidmodule used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure theIDfield is generated using a version ofgithub.com/satori/go.uuidthat is not vulnerable to this issue. - References
Affected packages
Ubuntu:20.04:LTS / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/ubuntu/golang-github-sylabs-sif@1.0.9-1?arch=source&distro=focal
Ubuntu:22.04:LTS / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/ubuntu/golang-github-sylabs-sif@1.0.9-2.1ubuntu0.1?arch=source&distro=jammy
Ubuntu:24.10 / golang-github-sylabs-sif
Package
- Name
- golang-github-sylabs-sif
- Purl
- pkg:deb/ubuntu/golang-github-sylabs-sif@2.18.0-1?arch=source&distro=oracular