openSUSE-SU-2021:1525-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1525-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1525-1
Related
Published
2021-12-04T13:06:13Z
Modified
2021-12-04T13:06:13Z
Summary
Security update for singularity
Details

This update for singularity fixes the following issues:

Update to 3.8.5:

  • CVE-2021-41190: Fixed OCI manifest and index parsing confusion (boo#1193273).
  • Building Singularity from source requires go greater or equal 1.16. We now aim to support the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy
  • Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0.
  • Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0.
  • Fix the oras contexts to avoid hangs upon failed pushes to Harbor registry.
References

Affected packages

SUSE:Package Hub 15 SP3 / singularity

Package

Name
singularity
Purl
purl:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.5-bp153.2.10.1

Ecosystem specific

{
    "binaries": [
        {
            "singularity": "3.8.5-bp153.2.10.1"
        }
    ]
}

openSUSE:Leap 15.3 / singularity

Package

Name
singularity
Purl
purl:rpm/suse/singularity&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.5-bp153.2.10.1

Ecosystem specific

{
    "binaries": [
        {
            "singularity": "3.8.5-bp153.2.10.1"
        }
    ]
}