UBUNTU-CVE-2022-39237

Source
https://ubuntu.com/security/CVE-2022-39237
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-39237.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-39237
Related
Published
2022-10-06T18:16:00Z
Modified
2024-10-15T14:10:10Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

References

Affected packages

Ubuntu:Pro:18.04:LTS / singularity-container

Package

Name
singularity-container
Purl
pkg:deb/ubuntu/singularity-container?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.1-2
2.3.2-1
2.4.1-1
2.4.2-2
2.4.2-3
2.4.2-4
2.4.2-4ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / golang-github-sylabs-sif

Package

Name
golang-github-sylabs-sif
Purl
pkg:deb/ubuntu/golang-github-sylabs-sif?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.9-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / golang-github-sylabs-sif

Package

Name
golang-github-sylabs-sif
Purl
pkg:deb/ubuntu/golang-github-sylabs-sif?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.9-2.1
1.0.9-2.1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-github-sylabs-sif

Package

Name
golang-github-sylabs-sif
Purl
pkg:deb/ubuntu/golang-github-sylabs-sif?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.3-2build1
2.16.0-2
2.17.0-1
2.18.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / singularity-container

Package

Name
singularity-container
Purl
pkg:deb/ubuntu/singularity-container?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.1+ds2-1build1
4.1.2+ds1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-github-sylabs-sif

Package

Name
golang-github-sylabs-sif
Purl
pkg:deb/ubuntu/golang-github-sylabs-sif?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.3-2build1
2.8.3-2ubuntu0.24.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / singularity-container

Package

Name
singularity-container
Purl
pkg:deb/ubuntu/singularity-container?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.1+ds2-1
4.1.1+ds2-1build1
4.1.1+ds2-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}