Overview
Request 897440 accepted
- Update to version 3.7.4 (boo#1186619)
Fix for CVE-2021-32635:
Due to incorrect use of a default URL, singularity action commands
(run/shell/exec) specifying a container using a library:// URI will always
attempt to retrieve the container from the default remote endpoint
(cloud.sylabs.io) rather than the configured remote endpoint. An attacker may
be able to push a malicious container to the default remote endpoint with a
URI that is identical to the URI used by a victim with a non-default remote
endpoint, thus executing the malicious container.
- Disabled ppc64le builds as these are non-PIE builds and so not
suitable for the distribution in SLE and ppc64le is not relevant
for openSUSE
Request History
mslacken created request
maintbot added factory-source as a reviewer
maintbot accepted review
ok
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
factory-source added backports-reviewers as a reviewer
Automated review failed. Needs fallback reviewer.
factory-source accepted review
review failed
bigironman accepted review
LGTM
bigironman approved review
LGTM
msmeissn moved maintenance target to openSUSE:Maintenance:16396
msmeissn accepted request
ok
network:cluster/singularity@2890369126c94e5c92929bfba2ec7f41 -> openSUSE:Backports:SLE-15-SP2:Update/singularity
expected origin is 'openSUSE:Leap:15.2:Update' (changed)