Bug 1174148 - (CVE-2020-13846) VUL-0: CVE-2020-13846: singularity: failure to report an error in signature Status Code
(CVE-2020-13846)
VUL-0: CVE-2020-13846: singularity: failure to report an error in signature ...
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Ana Guerrero
Security Team bot
https://smash.suse.de/issue/263371/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-07-15 08:11 UTC by Alexandros Toptsoglou
Modified: 2021-11-08 14:36 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Egbert Eich 2020-07-15 10:28:11 UTC
Bascially, this amounts to updating singularity 3.6.0 (please mention this CVE and bug ID), submitting it to Factory and providing a maintenance update for Leap 15.0, 15.1 and 15.2.
Comment 2 Ana Guerrero 2020-07-15 15:50:28 UTC
Singularity 3.6.0 updated in:

Factory:   https://build.opensuse.org/request/show/821083
Leap 15.2: https://build.opensuse.org/request/show/821122
Leap 15.1: https://build.opensuse.org/request/show/821131

Leap 15.0 has reached its end of life and does't have Go 1.13 needed by singularity since 3.5.
Comment 3 Swamp Workflow Management 2020-07-19 16:13:40 UTC
openSUSE-SU-2020:1011-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174148,1174150,1174152
CVE References: CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
Sources used:
openSUSE Leap 15.2 (src):    singularity-3.6.0-lp152.2.3.1
Comment 4 Swamp Workflow Management 2020-07-23 10:15:55 UTC
openSUSE-SU-2020:1037-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1125369,1128598,1159550,1174148,1174150,1174152
CVE References: CVE-2019-11328,CVE-2019-19724,CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
Sources used:
openSUSE Leap 15.1 (src):    singularity-3.6.0-lp151.2.6.1
Comment 5 Swamp Workflow Management 2020-09-18 16:49:42 UTC
openSUSE-SU-2020:1100-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1174148,1174150,1174152
CVE References: CVE-2020-13845,CVE-2020-13846,CVE-2020-13847
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    singularity-3.6.0-bp152.2.4.1